1. Packages
  2. AWS Cloud Control
  3. API Docs
  4. securityhub
  5. getConfigurationPolicy

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.9.0 published on Monday, Nov 18, 2024 by Pulumi

aws-native.securityhub.getConfigurationPolicy

Explore with Pulumi AI

aws-native logo

We recommend new projects start with resources from the AWS provider.

AWS Cloud Control v1.9.0 published on Monday, Nov 18, 2024 by Pulumi

    The AWS::SecurityHub::ConfigurationPolicy resource represents the Central Configuration Policy in your account.

    Using getConfigurationPolicy

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getConfigurationPolicy(args: GetConfigurationPolicyArgs, opts?: InvokeOptions): Promise<GetConfigurationPolicyResult>
    function getConfigurationPolicyOutput(args: GetConfigurationPolicyOutputArgs, opts?: InvokeOptions): Output<GetConfigurationPolicyResult>
    def get_configuration_policy(arn: Optional[str] = None,
                                 opts: Optional[InvokeOptions] = None) -> GetConfigurationPolicyResult
    def get_configuration_policy_output(arn: Optional[pulumi.Input[str]] = None,
                                 opts: Optional[InvokeOptions] = None) -> Output[GetConfigurationPolicyResult]
    func LookupConfigurationPolicy(ctx *Context, args *LookupConfigurationPolicyArgs, opts ...InvokeOption) (*LookupConfigurationPolicyResult, error)
    func LookupConfigurationPolicyOutput(ctx *Context, args *LookupConfigurationPolicyOutputArgs, opts ...InvokeOption) LookupConfigurationPolicyResultOutput

    > Note: This function is named LookupConfigurationPolicy in the Go SDK.

    public static class GetConfigurationPolicy 
    {
        public static Task<GetConfigurationPolicyResult> InvokeAsync(GetConfigurationPolicyArgs args, InvokeOptions? opts = null)
        public static Output<GetConfigurationPolicyResult> Invoke(GetConfigurationPolicyInvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetConfigurationPolicyResult> getConfigurationPolicy(GetConfigurationPolicyArgs args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: aws-native:securityhub:getConfigurationPolicy
      arguments:
        # arguments dictionary

    The following arguments are supported:

    Arn string
    The Amazon Resource Name (ARN) of the configuration policy.
    Arn string
    The Amazon Resource Name (ARN) of the configuration policy.
    arn String
    The Amazon Resource Name (ARN) of the configuration policy.
    arn string
    The Amazon Resource Name (ARN) of the configuration policy.
    arn str
    The Amazon Resource Name (ARN) of the configuration policy.
    arn String
    The Amazon Resource Name (ARN) of the configuration policy.

    getConfigurationPolicy Result

    The following output properties are available:

    Arn string
    The Amazon Resource Name (ARN) of the configuration policy.
    ConfigurationPolicyValue Pulumi.AwsNative.SecurityHub.Outputs.ConfigurationPolicyPolicy
    An object that defines how AWS Security Hub is configured. It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).
    CreatedAt string
    The date and time, in UTC and ISO 8601 format.
    Description string
    The description of the configuration policy.
    Id string
    The universally unique identifier (UUID) of the configuration policy.
    Name string
    The name of the configuration policy.
    ServiceEnabled bool
    Indicates whether the service that the configuration policy applies to is enabled in the policy.
    Tags Dictionary<string, string>
    User-defined tags associated with a configuration policy. For more information, see Tagging AWS Security Hub resources in the Security Hub user guide .
    UpdatedAt string
    The date and time, in UTC and ISO 8601 format.
    Arn string
    The Amazon Resource Name (ARN) of the configuration policy.
    ConfigurationPolicy ConfigurationPolicyPolicy
    An object that defines how AWS Security Hub is configured. It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).
    CreatedAt string
    The date and time, in UTC and ISO 8601 format.
    Description string
    The description of the configuration policy.
    Id string
    The universally unique identifier (UUID) of the configuration policy.
    Name string
    The name of the configuration policy.
    ServiceEnabled bool
    Indicates whether the service that the configuration policy applies to is enabled in the policy.
    Tags map[string]string
    User-defined tags associated with a configuration policy. For more information, see Tagging AWS Security Hub resources in the Security Hub user guide .
    UpdatedAt string
    The date and time, in UTC and ISO 8601 format.
    arn String
    The Amazon Resource Name (ARN) of the configuration policy.
    configurationPolicy ConfigurationPolicyPolicy
    An object that defines how AWS Security Hub is configured. It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).
    createdAt String
    The date and time, in UTC and ISO 8601 format.
    description String
    The description of the configuration policy.
    id String
    The universally unique identifier (UUID) of the configuration policy.
    name String
    The name of the configuration policy.
    serviceEnabled Boolean
    Indicates whether the service that the configuration policy applies to is enabled in the policy.
    tags Map<String,String>
    User-defined tags associated with a configuration policy. For more information, see Tagging AWS Security Hub resources in the Security Hub user guide .
    updatedAt String
    The date and time, in UTC and ISO 8601 format.
    arn string
    The Amazon Resource Name (ARN) of the configuration policy.
    configurationPolicy ConfigurationPolicyPolicy
    An object that defines how AWS Security Hub is configured. It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).
    createdAt string
    The date and time, in UTC and ISO 8601 format.
    description string
    The description of the configuration policy.
    id string
    The universally unique identifier (UUID) of the configuration policy.
    name string
    The name of the configuration policy.
    serviceEnabled boolean
    Indicates whether the service that the configuration policy applies to is enabled in the policy.
    tags {[key: string]: string}
    User-defined tags associated with a configuration policy. For more information, see Tagging AWS Security Hub resources in the Security Hub user guide .
    updatedAt string
    The date and time, in UTC and ISO 8601 format.
    arn str
    The Amazon Resource Name (ARN) of the configuration policy.
    configuration_policy ConfigurationPolicyPolicy
    An object that defines how AWS Security Hub is configured. It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).
    created_at str
    The date and time, in UTC and ISO 8601 format.
    description str
    The description of the configuration policy.
    id str
    The universally unique identifier (UUID) of the configuration policy.
    name str
    The name of the configuration policy.
    service_enabled bool
    Indicates whether the service that the configuration policy applies to is enabled in the policy.
    tags Mapping[str, str]
    User-defined tags associated with a configuration policy. For more information, see Tagging AWS Security Hub resources in the Security Hub user guide .
    updated_at str
    The date and time, in UTC and ISO 8601 format.
    arn String
    The Amazon Resource Name (ARN) of the configuration policy.
    configurationPolicy Property Map
    An object that defines how AWS Security Hub is configured. It includes whether Security Hub is enabled or disabled, a list of enabled security standards, a list of enabled or disabled security controls, and a list of custom parameter values for specified controls. If you provide a list of security controls that are enabled in the configuration policy, Security Hub disables all other controls (including newly released controls). If you provide a list of security controls that are disabled in the configuration policy, Security Hub enables all other controls (including newly released controls).
    createdAt String
    The date and time, in UTC and ISO 8601 format.
    description String
    The description of the configuration policy.
    id String
    The universally unique identifier (UUID) of the configuration policy.
    name String
    The name of the configuration policy.
    serviceEnabled Boolean
    Indicates whether the service that the configuration policy applies to is enabled in the policy.
    tags Map<String>
    User-defined tags associated with a configuration policy. For more information, see Tagging AWS Security Hub resources in the Security Hub user guide .
    updatedAt String
    The date and time, in UTC and ISO 8601 format.

    Supporting Types

    ConfigurationPolicyParameterConfiguration

    ValueType Pulumi.AwsNative.SecurityHub.ConfigurationPolicyParameterConfigurationValueType
    Identifies whether a control parameter uses a custom user-defined value or subscribes to the default AWS Security Hub behavior.
    Value Pulumi.AwsNative.SecurityHub.Inputs.ConfigurationPolicyParameterValue
    ValueType ConfigurationPolicyParameterConfigurationValueType
    Identifies whether a control parameter uses a custom user-defined value or subscribes to the default AWS Security Hub behavior.
    Value ConfigurationPolicyParameterValue
    valueType ConfigurationPolicyParameterConfigurationValueType
    Identifies whether a control parameter uses a custom user-defined value or subscribes to the default AWS Security Hub behavior.
    value ConfigurationPolicyParameterValue
    valueType ConfigurationPolicyParameterConfigurationValueType
    Identifies whether a control parameter uses a custom user-defined value or subscribes to the default AWS Security Hub behavior.
    value ConfigurationPolicyParameterValue
    value_type ConfigurationPolicyParameterConfigurationValueType
    Identifies whether a control parameter uses a custom user-defined value or subscribes to the default AWS Security Hub behavior.
    value ConfigurationPolicyParameterValue
    valueType "DEFAULT" | "CUSTOM"
    Identifies whether a control parameter uses a custom user-defined value or subscribes to the default AWS Security Hub behavior.
    value Property Map

    ConfigurationPolicyParameterConfigurationValueType

    ConfigurationPolicyParameterValue

    Boolean bool
    A control parameter that is a boolean.
    Double double
    A control parameter that is a double.
    Enum string
    A control parameter that is an enum.
    EnumList List<string>
    A control parameter that is a list of enums.
    Integer int
    A control parameter that is an integer.
    IntegerList List<int>
    A control parameter that is a list of integers.
    String string
    A control parameter that is a string.
    StringList List<string>
    A control parameter that is a list of strings.
    Boolean bool
    A control parameter that is a boolean.
    Double float64
    A control parameter that is a double.
    Enum string
    A control parameter that is an enum.
    EnumList []string
    A control parameter that is a list of enums.
    Integer int
    A control parameter that is an integer.
    IntegerList []int
    A control parameter that is a list of integers.
    String string
    A control parameter that is a string.
    StringList []string
    A control parameter that is a list of strings.
    boolean_ Boolean
    A control parameter that is a boolean.
    double_ Double
    A control parameter that is a double.
    enumList List<String>
    A control parameter that is a list of enums.
    enum_ String
    A control parameter that is an enum.
    integer Integer
    A control parameter that is an integer.
    integerList List<Integer>
    A control parameter that is a list of integers.
    string String
    A control parameter that is a string.
    stringList List<String>
    A control parameter that is a list of strings.
    boolean boolean
    A control parameter that is a boolean.
    double number
    A control parameter that is a double.
    enum string
    A control parameter that is an enum.
    enumList string[]
    A control parameter that is a list of enums.
    integer number
    A control parameter that is an integer.
    integerList number[]
    A control parameter that is a list of integers.
    string string
    A control parameter that is a string.
    stringList string[]
    A control parameter that is a list of strings.
    boolean bool
    A control parameter that is a boolean.
    double float
    A control parameter that is a double.
    enum str
    A control parameter that is an enum.
    enum_list Sequence[str]
    A control parameter that is a list of enums.
    integer int
    A control parameter that is an integer.
    integer_list Sequence[int]
    A control parameter that is a list of integers.
    string str
    A control parameter that is a string.
    string_list Sequence[str]
    A control parameter that is a list of strings.
    boolean Boolean
    A control parameter that is a boolean.
    double Number
    A control parameter that is a double.
    enum String
    A control parameter that is an enum.
    enumList List<String>
    A control parameter that is a list of enums.
    integer Number
    A control parameter that is an integer.
    integerList List<Number>
    A control parameter that is a list of integers.
    string String
    A control parameter that is a string.
    stringList List<String>
    A control parameter that is a list of strings.

    ConfigurationPolicyPolicy

    SecurityHub Pulumi.AwsNative.SecurityHub.Inputs.ConfigurationPolicySecurityHubPolicy
    The AWS service that the configuration policy applies to.
    SecurityHub ConfigurationPolicySecurityHubPolicy
    The AWS service that the configuration policy applies to.
    securityHub ConfigurationPolicySecurityHubPolicy
    The AWS service that the configuration policy applies to.
    securityHub ConfigurationPolicySecurityHubPolicy
    The AWS service that the configuration policy applies to.
    security_hub ConfigurationPolicySecurityHubPolicy
    The AWS service that the configuration policy applies to.
    securityHub Property Map
    The AWS service that the configuration policy applies to.

    ConfigurationPolicySecurityControlCustomParameter

    Parameters Dictionary<string, Pulumi.AwsNative.SecurityHub.Inputs.ConfigurationPolicyParameterConfiguration>
    An object that specifies parameter values for a control in a configuration policy.
    SecurityControlId string
    The ID of the security control.
    Parameters map[string]ConfigurationPolicyParameterConfiguration
    An object that specifies parameter values for a control in a configuration policy.
    SecurityControlId string
    The ID of the security control.
    parameters Map<String,ConfigurationPolicyParameterConfiguration>
    An object that specifies parameter values for a control in a configuration policy.
    securityControlId String
    The ID of the security control.
    parameters {[key: string]: ConfigurationPolicyParameterConfiguration}
    An object that specifies parameter values for a control in a configuration policy.
    securityControlId string
    The ID of the security control.
    parameters Mapping[str, ConfigurationPolicyParameterConfiguration]
    An object that specifies parameter values for a control in a configuration policy.
    security_control_id str
    The ID of the security control.
    parameters Map<Property Map>
    An object that specifies parameter values for a control in a configuration policy.
    securityControlId String
    The ID of the security control.

    ConfigurationPolicySecurityControlsConfiguration

    DisabledSecurityControlIdentifiers List<string>
    A list of security controls that are disabled in the configuration policy
    EnabledSecurityControlIdentifiers List<string>
    A list of security controls that are enabled in the configuration policy.
    SecurityControlCustomParameters List<Pulumi.AwsNative.SecurityHub.Inputs.ConfigurationPolicySecurityControlCustomParameter>
    A list of security controls and control parameter values that are included in a configuration policy.
    DisabledSecurityControlIdentifiers []string
    A list of security controls that are disabled in the configuration policy
    EnabledSecurityControlIdentifiers []string
    A list of security controls that are enabled in the configuration policy.
    SecurityControlCustomParameters []ConfigurationPolicySecurityControlCustomParameter
    A list of security controls and control parameter values that are included in a configuration policy.
    disabledSecurityControlIdentifiers List<String>
    A list of security controls that are disabled in the configuration policy
    enabledSecurityControlIdentifiers List<String>
    A list of security controls that are enabled in the configuration policy.
    securityControlCustomParameters List<ConfigurationPolicySecurityControlCustomParameter>
    A list of security controls and control parameter values that are included in a configuration policy.
    disabledSecurityControlIdentifiers string[]
    A list of security controls that are disabled in the configuration policy
    enabledSecurityControlIdentifiers string[]
    A list of security controls that are enabled in the configuration policy.
    securityControlCustomParameters ConfigurationPolicySecurityControlCustomParameter[]
    A list of security controls and control parameter values that are included in a configuration policy.
    disabled_security_control_identifiers Sequence[str]
    A list of security controls that are disabled in the configuration policy
    enabled_security_control_identifiers Sequence[str]
    A list of security controls that are enabled in the configuration policy.
    security_control_custom_parameters Sequence[ConfigurationPolicySecurityControlCustomParameter]
    A list of security controls and control parameter values that are included in a configuration policy.
    disabledSecurityControlIdentifiers List<String>
    A list of security controls that are disabled in the configuration policy
    enabledSecurityControlIdentifiers List<String>
    A list of security controls that are enabled in the configuration policy.
    securityControlCustomParameters List<Property Map>
    A list of security controls and control parameter values that are included in a configuration policy.

    ConfigurationPolicySecurityHubPolicy

    EnabledStandardIdentifiers List<string>
    A list that defines which security standards are enabled in the configuration policy.
    SecurityControlsConfiguration Pulumi.AwsNative.SecurityHub.Inputs.ConfigurationPolicySecurityControlsConfiguration

    An object that defines which security controls are enabled in the configuration policy. The enablement status of a control is aligned across all of the enabled standards in an account.

    This property is required only if ServiceEnabled is set to true in your configuration policy.

    ServiceEnabled bool
    Indicates whether Security Hub is enabled in the policy.
    EnabledStandardIdentifiers []string
    A list that defines which security standards are enabled in the configuration policy.
    SecurityControlsConfiguration ConfigurationPolicySecurityControlsConfiguration

    An object that defines which security controls are enabled in the configuration policy. The enablement status of a control is aligned across all of the enabled standards in an account.

    This property is required only if ServiceEnabled is set to true in your configuration policy.

    ServiceEnabled bool
    Indicates whether Security Hub is enabled in the policy.
    enabledStandardIdentifiers List<String>
    A list that defines which security standards are enabled in the configuration policy.
    securityControlsConfiguration ConfigurationPolicySecurityControlsConfiguration

    An object that defines which security controls are enabled in the configuration policy. The enablement status of a control is aligned across all of the enabled standards in an account.

    This property is required only if ServiceEnabled is set to true in your configuration policy.

    serviceEnabled Boolean
    Indicates whether Security Hub is enabled in the policy.
    enabledStandardIdentifiers string[]
    A list that defines which security standards are enabled in the configuration policy.
    securityControlsConfiguration ConfigurationPolicySecurityControlsConfiguration

    An object that defines which security controls are enabled in the configuration policy. The enablement status of a control is aligned across all of the enabled standards in an account.

    This property is required only if ServiceEnabled is set to true in your configuration policy.

    serviceEnabled boolean
    Indicates whether Security Hub is enabled in the policy.
    enabled_standard_identifiers Sequence[str]
    A list that defines which security standards are enabled in the configuration policy.
    security_controls_configuration ConfigurationPolicySecurityControlsConfiguration

    An object that defines which security controls are enabled in the configuration policy. The enablement status of a control is aligned across all of the enabled standards in an account.

    This property is required only if ServiceEnabled is set to true in your configuration policy.

    service_enabled bool
    Indicates whether Security Hub is enabled in the policy.
    enabledStandardIdentifiers List<String>
    A list that defines which security standards are enabled in the configuration policy.
    securityControlsConfiguration Property Map

    An object that defines which security controls are enabled in the configuration policy. The enablement status of a control is aligned across all of the enabled standards in an account.

    This property is required only if ServiceEnabled is set to true in your configuration policy.

    serviceEnabled Boolean
    Indicates whether Security Hub is enabled in the policy.

    Package Details

    Repository
    AWS Native pulumi/pulumi-aws-native
    License
    Apache-2.0
    aws-native logo

    We recommend new projects start with resources from the AWS provider.

    AWS Cloud Control v1.9.0 published on Monday, Nov 18, 2024 by Pulumi